Homeland Security
Agency Resources Address Violations of Restricted Airspace, but Management Improvements Are Needed Gao ID: GAO-05-928T July 21, 2005Securing and defending U.S. airspace is an interagency mission that depends on close interagency coordination and information sharing. GAO was asked to review (1) the threat assessment for U.S. aviation, (2) violations of restricted airspace since September 11, 2001, (3) agencies' individual or coordinated steps to secure U.S. aviation, and (4) interagency policies and procedures to manage the response to restricted airspace violations. GAO will issue a classified report responding to this request later this year. To keep this testimony unclassified, GAO focused on the latter three questions.
The Federal Aviation Administration reported about 3,400 violations of restricted airspace from September 12, 2001, to December 31, 2004, most of which were committed by general aviation pilots. Violations can occur because (1) pilots may divert from their flight plan to avoid bad weather, (2) the Administration may establish newly restricted airspace with little warning, and pilots in the air may be unaware of the new restrictions, or (3) pilots do not check for notices of restrictions, as required. Also, terrorists may deliberately enter restricted airspace to test the government's response or carry out an attack. Federal agencies have acted individually or have coordinated to enhance aviation security. For example, the Transportation Security Administration (TSA) established a national operations center that disseminates operational- and intelligence-related information, and has enhanced passenger and checked baggage screening, secured cockpit doors, and assessed the risk to some, but not all, commercial airports. Also, few general aviation airport owners have conducted risk assessments. The North American Aerospace Defense Command's mission was expanded to include monitoring domestic air traffic and conducting air patrols. Collectively, the agencies are operating the National Capital Region Coordination Center to secure the National Capital Region. GAO identified gaps in the simultaneous, time-critical, multi-agency response to airspace violations. While it may not be possible to prevent all violations or deter all attacks, GAO identified some gaps in policies and procedures. Specifically, the agencies were operating without (1) an organization in the lead, (2) fully developed interagency policies and procedures for the airspace violations response teleconferencing system, (3) information sharing protocols and procedures, or (4) accepted definitions of a violation. As a result, opportunities may be missed to enhance the security of U.S. aviation.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-05-928T, Homeland Security: Agency Resources Address Violations of Restricted Airspace, but Management Improvements Are Needed
This is the accessible text file for GAO report number GAO-05-928T
entitled 'Homeland Security: Agency Resources Address Violations of
Restricted Airspace, but Management Improvements Are Needed' which was
released on July 21, 2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Committee on Government Reform, House of Representatives:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EDT:
Thursday, July 21, 2005:
Homeland Security:
Agency Resources Address Violations of Restricted Airspace, but
Management Improvements Are Needed:
Statement of Davi M. D'Agostino, Director:
Defense Capabilities and Management:
GAO-05-928T:
GAO Highlights:
Highlights of GAO-05-928T, a testimony before the Committee on
Government Reform and Oversight, House of Representatives:
Why GAO Did This Study:
Securing and defending U.S. airspace is an interagency mission that
depends on close interagency coordination and information sharing. GAO
was asked to review (1) the threat assessment for U.S. aviation, (2)
violations of restricted airspace since September 11, 2001, (3)
agencies‘ individual or coordinated steps to secure U.S. aviation, and
(4) interagency policies and procedures to manage the response to
restricted airspace violations. GAO will issue a classified report
responding to this request later this year. To keep this testimony
unclassified, GAO focused on the latter three questions.
What GAO Found:
The Federal Aviation Administration reported about 3,400 violations of
restricted airspace from September 12, 2001, to December 31, 2004, most
of which were committed by general aviation pilots. Violations can
occur because (1) pilots may divert from their flight plan to avoid bad
weather, (2) the Administration may establish newly restricted airspace
with little warning, and pilots in the air may be unaware of the new
restrictions, or (3) pilots do not check for notices of restrictions,
as required. Also, terrorists may deliberately enter restricted
airspace to test the government‘s response or carry out an attack.
Federal agencies have acted individually or have coordinated to enhance
aviation security. For example, the Transportation Security
Administration (TSA) established a national operations center that
disseminates operational- and intelligence-related information, and has
enhanced passenger and checked baggage screening, secured cockpit
doors, and assessed the risk to some, but not all, commercial airports.
Also, few general aviation airport owners have conducted risk
assessments. The North American Aerospace Defense Command‘s mission was
expanded to include monitoring domestic air traffic and conducting air
patrols. Collectively, the agencies are operating the National Capital
Region Coordination Center to secure the National Capital Region.
GAO identified gaps in the simultaneous, time-critical, multi-agency
response to airspace violations. While it may not be possible to
prevent all violations or deter all attacks, GAO identified some gaps
in policies and procedures. Specifically, the agencies were operating
without (1) an organization in the lead, (2) fully developed
interagency policies and procedures for the airspace violations
response teleconferencing system, (3) information sharing protocols and
procedures, or (4) accepted definitions of a violation. As a result,
opportunities may be missed to enhance the security of U.S. aviation.
Depiction of a Potential Restricted Airspace Violation:
[See PDF for image]
Source: GAO.
[End of figure]
What GAO Recommends:
GAO recommended that the Secretaries of Defense, Transportation, and
Homeland Security strengthen the interagency process for managing the
response to violations of restricted airspace by determining whether an
organization should be in charge, developing interagency policies and
procedures, information sharing protocols, and common definitions. DHS
and DOD disagreed that one agency should be in charge, largely from
command and control concerns. DHS concurred or partially concurred with
the other recommendations; DOD nonconcurred with most of the rest. The
Department of Transportation concurred with GAO‘s recommendations.
www.gao.gov/cgi-bin/getrpt?GAO-05-928T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Davi M. D'Agostino, (202)
512-5431, dagostinod@gao.gov.
[End of section]
Chairman Davis and Members of the Committee:
I appreciate the opportunity to be here today to provide results of
GAO's work on violations of restricted airspace and the interagency
response. Specifically, I will discuss the unclassified results from
our classified report on violations into restricted airspace that we
will issue in September 2005.
As you know, because of intelligence assessments since the September
11, 2001, attacks, the United States has established additional
temporary flight restrictions over important sites such as selected
governmental operations, national events, and critical
infrastructure.[Footnote 1] Established by the Federal Aviation
Administration (FAA), temporary flight restrictions and other special
use airspace measures are national airspace management tools used to
restrict flights into protected airspace. The intent of establishing
restricted airspace is to reduce the number of flights in that airspace
to only those authorized so that the FAA, the Department of Defense
(DOD), the Department of Homeland Security's (DHS) Transportation
Security Administration (TSA), and other agencies can more readily
identify an unauthorized aircraft and, if needed, take actions to deter
or defeat it.
Intelligence agencies believe that terrorists remain highly interested
in attacking U.S. aviation with commercial or general aviation
aircraft, in attacking an airport, or in using aircraft to attack
targets. Intelligence agencies differ in their assessments of how
significant the threat is from the use of certain general aviation
aircraft in an attack. Our prior work has shown that the success of
interagency efforts depends on melding multi-organizational efforts
through central leadership, an overarching strategy, effective
partnerships, and common definitions.[Footnote 2] Securing and
defending U.S. airspace is a key example of an interagency mission that
depends on close coordination and information sharing between and among
the agencies that share this mission. As many as 7 key government
organizations can be simultaneously involved in responding to a
violation of restricted airspace. TSA is responsible for ensuring that
only authorized pilots, cabin crewmembers, or passengers gain access to
an aircraft. Once airborne, FAA becomes the lead agency and is
responsible for managing traffic entering into or operating in U.S.
airspace to ensure safe operations by monitoring aircraft movements
using radar and maintaining communications with the pilots. Either
DOD's North American Aerospace Defense Command (NORAD) or DHS is called
in to enforce airspace security if TSA or FAA cannot prevent someone
from taking control of an aircraft without authorization or flying into
restricted airspace without authorization. During a violation, these
agencies carry out their responsibilities simultaneously. This was the
case during the incursions into the National Capital Region restricted
airspace during May 2005.
Today I will provide our findings on (1) violations of restricted
airspace since September 11, 2001, (2) agencies' individual or
coordinated steps to secure U.S. aviation, and (3) interagency policies
and procedures to manage the response to violations of restricted
airspace. I will also summarize our recommendations and the agency
comments.
Summary:
The FAA reported about 3,400 violations of restricted airspace
nationwide from September 12, 2001, to December 31, 2004, most of which
were committed by general aviation pilots. Violations can occur because
(1) pilots may need to divert from their planned flight path to avoid
bad weather and may consequently enter restricted airspace; (2) the FAA
may establish the restricted airspace with little warning, and pilots
already in the air may be unaware of the new restrictions; and (3)
pilots may not check FAA notifications of new restrictions, as
required.[Footnote 3] Also, terrorists might deliberately enter
restricted airspace to observe the government's response or to carry
out an attack. Most violations of restricted airspace occur in the
eastern United States due to heavy air traffic in the area and the
large amount of restricted airspace. Moreover, most violations of
restricted airspace in the eastern United States occur in the National
Capital Region. General aviation accounts for about 88 percent of all
violations nationwide. We did not review the actions taken by FAA
against pilots who violate restricted airspace, although we do describe
the actions FAA can take.
Since September 11, 2001, federal agencies have acted individually or
have coordinated to secure U.S. airspace and address the threat:
* TSA secured commercial aircraft, limited potential access to
commercial aviation aircraft and facilities, and conducted risk
assessments of some facilities.
* FAA has increased its use of temporarily restricted airspace for
national security purposes and has issued over 220 Notices to
Airmen[Footnote 4] to identify the location of restricted airspace. In
addition, the FAA established the Domestic Events Network,[Footnote 5]
an interagency teleconferencing system that permits the agencies to
communicate about and coordinate their response to violations of
restricted airspace.
* NORAD increased air patrols and improved airspace monitoring.
* Collectively, the agencies were operating the National Capital Region
Coordination Center to bring key agencies together to secure the
airspace over the National Capital Region.
We identified gaps in the management of the interagency response to
airspace violations. Individual agency and interagency progress and
coordination to secure airspace is noteworthy. However, we recognize
that it may not be possible to prevent all violations of restricted
airspace or deter all attacks. Airspace security measures could be
challenged. Moreover, in some cases pilots do not check on airspace
restrictions, as they are required to do. Such challenges, along with
the complexity of several agencies simultaneously carrying out their
respective agency responsibilities, highlight the need for clear
policies and procedures and optimal interagency coordination for the
most timely and effective management of the nation's airspace security
and violations of restricted airspace. Nevertheless, potential gaps
remain:
* TSA officials told us that the agency has conducted risk
assessments[Footnote 6] at some but not all of the commercial airports
in the United States.[Footnote 7]
* While each agency commands and controls its own resources, no one
organization leads the interagency response to airspace violations.
TSA, FAA, and DOD officials told us that at the National Capital Region
Coordination Center no one organization is in the lead because,
depending on the nature of the airspace violation, each of the agencies
simultaneously carries out its responsibilities during the phases of
the violation. TSA is the executive agent for the Center, but TSA
officials said that they only resolve or "deconflict" agency issues and
do not see themselves as being in charge.
* The agencies have not developed policies and procedures over who has
access to the Domestic Events Network, and FAA personnel told us that
under certain circumstances, they could be cut out of conferences if
these conferences go above a certain security classification and
different communication systems are used.
* As threat conditions warrant, the agencies may take additional steps
to secure the airspace outside the National Capital Region but they
have not begun to develop an overarching plan for such
airspace.[Footnote 8] As a result, interagency coordination may be
hampered.
* Agency database records documenting violations were not routinely
shared among FAA, NORAD, or TSA, or with FAA's Strategic Operations
Security Manager, because the agencies have not established information
sharing requirements and protocols. We reviewed FAA data and identified
information we believe agencies could use to better secure U.S.
airspace. Because data are not routinely shared, these agencies may
miss opportunities to enhance security.
* The potential for confusion about what constitutes an airspace
violation exists among the agencies because they do not have a common
definition of an airspace violation. As a result, the agencies may be
unaware of the scope and magnitude of the problem, making it more
difficult to allocate resources efficiently.
We made several recommendations to DHS, DOD, and the Department of
Transportation to strengthen the interagency process for managing the
response to violations of restricted airspace. DHS and DOD nonconcurred
with our recommendation that the three secretaries should determine
whether one agency should manage the interagency process of responding
to violations of restricted airspace, primarily because of concerns
about command and control. DHS and Transportation concurred or
partially concurred with most or all of our recommendations. DOD
nonconcurred with most of our recommendations.
Background:
After the terrorist attacks on the United States on September 11, 2001,
federal agencies took immediate steps to secure U.S. airspace. FAA
grounded all air traffic and DOD ordered Air Force fighter jets to fly
patrols over selected U.S. cites to deter and respond to any additional
attacks. In the months after the attacks, the President developed
certain national strategies and directives, and Congress established
TSA and gave it the responsibility to provide security for all modes of
transportation. Congress also later passed and the President signed
legislation to protect the homeland against air, land, and maritime
threats, including creating the DHS to coordinate and lead the national
homeland security effort. After the attacks, interagency coordination
increased as FAA, NORAD, TSA, their parent cabinet departments, and
other agencies with homeland air defense or security roles and missions
worked together to meet the overall goal of protecting U.S. airspace.
NORAD and the FAA have historically been the main contributors to
protecting U.S. airspace. FAA's primary mission is to safely manage the
flow of air traffic in the United States, but it contributes to air
security through its control of U.S. airspace. About 17,000 FAA
controllers monitor and manage airspace, support the coordination of
security operations, and provide information to military and law
enforcement agencies when needed. Within NORAD, Continental North
American Aerospace Defense Command Region personnel monitor radar data
on aircraft entering and operating within continental U.S. airspace.
NORAD also conducts air patrols in U.S. airspace.
Different Classes and Use of Airspace:
According to FAA, the agency divides airspace into four categories:
controlled, uncontrolled, special use, and other.[Footnote 9]
Controlled airspace may include special flight restrictions and will
have specific defined dimensions, including altitude ranges, or
vertical boundaries, and surface area, or horizontal boundaries. Any
aircraft operating within controlled airspace must comply with rules
governing that airspace or be subject to enforcement action. Controlled
airspace is further divided into classes ranging from A through E. Each
class of airspace has its own level of Air Traffic Control services and
operational requirements that pilots must follow in order to enter and
operate in it. For example, to operate in class A airspace, pilots must
have air traffic controller clearance to enter and must have
communication equipment on board to permit communication with air
traffic controllers. In lesser-restricted airspace, pilots can navigate
by landmarks. Controlled airspace can be further classified with
special flight restrictions. In uncontrolled airspace, class G, air
traffic controllers have no authority or responsibility to control air
traffic.
FAA also reserves airspace for special purposes, called Special Use
Airspace, which is normally established to protect important
infrastructure, including military installations. An Air Defense
Identification Zone[Footnote 10] is restricted airspace in which the
ready notification, location, and control of aircraft are required for
national security reasons.
FAA's other airspace category includes national security areas,
military training routes, and temporary flight restriction areas. A
temporary flight restriction typically restricts flights over specified
areas for a specified period of time. These zones can be established
over critical infrastructure, military operations areas, National
Security Special Events, and United States Secret Service protectees
(e.g. such as the President, whose airspace is protected as he moves
throughout the United States).
FAA notifies pilots of temporary flight restrictions through its
Notices to Airmen program. Pilots are required to check for notices
before beginning their flights to avoid any temporary flight
restriction zones during their flights. If pilots violate such a zone,
FAA can take actions against them ranging from suspending the pilot's
certificate to fly in response to a one-time, first-time violation to
revocation of the certificate when the violation is deliberate or
otherwise shows a disregard for the regulations.
Temporary flight restrictions are one component of a tiered security
aviation system. The system includes ground procedures, such as TSA
passenger screening procedures, and in-flight security procedures,
including reinforced cockpit doors and Federal Air Marshals on selected
domestic and international flights. Temporary flight restrictions are
considered passive air space control measures intended to keep the
flying public out of the protected airspace so that agencies can more
readily identify and respond to pilots exhibiting hostile intent. A
temporary flight restriction alone will not prevent pilots from
entering the protected airspace.
FAA monitors national airspace traffic to ensure safety and has
established triggers to help identify suspicious aircraft and pilots.
According to FAA procedures, FAA controllers are to advise the pilots
to change their course or altitude if they are on a course toward
prohibited or restricted airspace without authorization, or if they are
circling or loitering over a sensitive area. Sensitive areas include
airspace over dams, nuclear and electrical power plants, chemical
storage sites, the location of the President, or military facilities.
Various forms of suspicious pilot and aircraft activity are being
monitored.
If a violation is imminent or underway, responding agencies have only
limited time in which to decide what actions to take. Nonetheless, the
agencies need sufficient time to try to determine the pilot's intent
and, if necessary, to order, scramble, and launch DOD or DHS aircraft
to intercept the violator.
The response to a violation is managed using a process of recognition,
assessment and warning, interdiction, recovery, and follow-up; which
agency takes these actions depends on the specific nature of the
violation. FAA can report a violation of restricted airspace based on
radar tracking. If the offending aircraft deviates from its planned
flight path but is not heading directly toward the protected asset, FAA
may monitor the aircraft and try to contact the pilot but not interdict
the aircraft. Conversely, if NORAD or FAA perceives the aircraft to be
a threat based on its speed, direction, or other information, NORAD can
alert its aircraft and attempt to intercept the violator. If
successfully diverted away from the protected asset or restricted
airspace, Secret Service, FAA, TSA, or local law enforcement officers
may meet the aircraft and interview the pilot upon landing, to identify
any hostile intent. On the other hand, if the offending pilot does not
divert and proceeds to operate in a manner perceived as threatening,
the NORAD pilot can be ordered by the appropriate authorities to engage
the violating aircraft. Figure 1 shows an aircraft deviating from its
planned flight path and shows more highly threatening and, conversely,
less threatening violations of restricted airspace.
Figure 1: A Potential Restricted Airspace Violation:
[See PDF for image]
[End of figure]
Violations of Restricted Airspace:
Our review of an FAA database found about 3,400 reported violations of
restricted airspace from September 12, 2001, to December 31, 2004, most
of which were committed by general aviation pilots. According to FAA,
violations occur because (1) pilots may divert from their planned
flight path to avoid bad weather, or may make navigational errors and
consequently enter restricted airspace; (2) FAA may establish airspace
restrictions with little warning, and pilots already in the air may be
unaware of the new restrictions; or (3) pilots may not check for
notices of new restrictions as required by FAA and may consequently
enter restricted airspace without authorization. In addition,
terrorists might deliberately enter restricted airspace to observe the
government's response or to carry out an attack. FAA investigates pilot
deviations into restricted airspace to determine the reasons for an
incident and to determine whether the pilot's certificate should be
temporarily suspended or permanently revoked.
Factors That Contributed to Incursions:
As the scope of restricted airspace increases, the number of violations
generally also increases. In addition, a greater concentration of air
traffic, such as in the eastern United States, would affect the number
of violations. FAA has worked with the aviation community to inform
them of the additional restricted areas. Figure 2 shows the percentage
of violations of restricted airspace by area of the United States.
Figure 2: U.S Map With Percentages of Violations by FAA Area September
12, 2001 through December 31, 2004:
[See PDF for image]
[End of figure]
General aviation aircraft pilots accounted for about 88 percent of all
violations of restricted U.S. airspace between September 12, 2001, and
December 31, 2004. Figure 3 shows the percentage of incursions by type
of aircraft.
Figure 3: Violations by Type of Aircraft:
[See PDF for image]
Note: Data rounded to the nearest percent. FAA records a violation as
unknown when it is unable to identify the offending aircraft. Unknown
aircraft may include aircraft that depart from the restricted airspace
before authorities can identify them.
[End of figure]
According to FAA data, pilot error is the biggest contributor to
restricted airspace violations. Pilots may not check for FAA Notices to
Airmen that indicate the location of restricted airspace, or FAA may
establish such airspace with little warning, and pilots may
consequently enter the airspace. Airspace restrictions can move, such
as when the President travels. Notices on the location of newly
restricted airspace may be issued quickly, and pilots may already be in
their aircraft or in the air when the restriction is announced and
implemented. Moreover, pilots may fly around bad weather or may
experience equipment problems and consequently enter restricted
airspace to maintain safe operations.
To reduce violations, FAA has conducted safety seminars, provided a
toll-free number for pilots to call and check for restricted airspace,
identified the location of restricted airspace on its Web site, and
encouraged pilots to check for and be attentive to notices on
restricted airspace.[Footnote 11]
FAA Actions to Temporarily Suspend or Permanently Revoke Pilot
Certificates:
When a pilot enters restricted airspace without authorization, FAA
investigates and decides what actions to take against the pilot. After
the September 2001 attacks, FAA strengthened the actions that it could
take. For example, FAA no longer issues warning notices or letters of
correction to pilots. Instead, FAA will now suspend a pilot's
certificate for 30 to 90 days for a single, inadvertent, first-time
violation of a temporary flight restriction area that was established
with a notice. The temporary suspension's length depends on the degree
of danger to other aircraft and persons or property on the ground, the
pilot's level of experience, prior violations record, and certain other
factors. If a pilot deliberately enters restricted airspace without
authorization, FAA will revoke the pilot's certificate.
Federal Agencies Have Taken Individual and Coordinated Actions to
Mitigate the Terrorist Threat to U.S. Aviation:
Federal agencies have undertaken individual and coordinated initiatives
to secure U.S. aviation by trying to ensure that only authorized
personnel gain access to aircraft or airports, expanding efforts to
educate pilots about the location of restricted airspace and the
circumstances under which they may enter such airspace, improving the
monitoring of domestic airspace, enhancing their ability to enforce
airspace restrictions, and trying to effectively coordinate a response
to each restricted airspace violation in the event that prevention
fails. TSA, FAA, and DOD have individually and in a coordinated way
directed resources to mitigate the risk of terrorists using commercial
aircraft as weapons or targets.[Footnote 12] Some of the most publicly
visible changes are the advent of TSA operations at over 400 airports,
which include more rigorous passenger screening procedures.
TSA Has Acted to Secure Aviation:
The Aviation and Transportation Security Act, enacted November 2001,
authorized TSA to secure all modes of transportation.[Footnote 13]
Since then, TSA has established the Transportation Security Operations
Center, a national center that operates around the clock and analyzes
and disseminates operational-and intelligence-related information for
all modes of transportation. TSA has also enhanced passenger and
checked baggage screening, expanded the Federal Air Marshal Service to
place more marshals on international and domestic commercial flights,
and secured cockpit doors to prevent unauthorized entry to the flight
decks of commercial airliners.[Footnote 14] In addition, the Federal
Flight Deck Officers program is training pilots on commercial passenger
and cargo aircraft in how to use lethal force against an intruder on
the flight deck. In addition, TSA has expanded background checks for
more of the aviation workforce.
TSA is also working to fully implement a risk management approach that
would include risk assessment tools for targeting resources to improve
security. For example, the tool might indicate the level of
preparedness of a facility, given probable threat scenarios. The tool
may show that, based on a particular threat scenario, a facility's
physical security may be vulnerable, or access controls to the facility
may be weak. Based on the findings from use of the tool, owners and
operators could take actions to reduce these risks.
FAA Has Taken Steps to Monitor Airspace and Support a Coordinated
Interagency Response to Violations:
After September 11, 2001, FAA established additional temporary flight
restrictions over sensitive sites in the United States and established
a teleconferencing system to coordinate the nation's response to
violations of restricted airspace. Many of the additional temporary
flight restrictions were established over selected critical
infrastructures. Prior to the attacks, temporary flight restrictions
were rarely used for national security purposes. Since the attacks, FAA
has issued over 220 Notices to Airmen identifying temporary flight
restrictions. In addition, the amount of airspace associated with some
temporary flight restrictions has increased both vertically and
laterally. For example, presidential temporary flight restrictions
around the President have increased laterally from 3 to 30 nautical
miles and vertically from 3,000 feet to 18,000 feet.
To alert DOD, TSA, the Federal Bureau of Investigation, and other
agencies of suspicious activities or potential violations of protected
airspace, FAA established the Domestic Events Network after the
September 11, 2001, attacks. As discussed earlier, FAA also increased
the sanctions against pilots who enter restricted airspace without
authorization, and it has continued to educate pilots about restricted
airspace.
NORAD's Mission Has Expanded to Defend Domestic U.S. Airspace:
After the September 2001 attacks, NORAD's mission was expanded beyond
defending just external airspace to include domestic airspace. NORAD
also committed more fighters, refueling, and early warning aircraft to
support its expanded mission. These aircraft are part of DOD's
Operation Noble Eagle[Footnote 15] and conduct air patrols over
Washington, D.C., New York City, Chicago, Los Angeles, and other cities
based on the threat level and threat intelligence received and
analyzed. NORAD continually evaluates such information and directs
operations such as that of ordering fighters to patrol airspace over
these and other cities as appropriate. NORAD can also expand its
overall national air defense response levels and commit additional
resources according to the threat level.
To facilitate its current domestic military mission, NORAD expanded its
ability to monitor domestic airspace. Prior to the September 2001
attacks, NORAD did not monitor domestic airspace. However, following
the attacks and the expansion of NORAD's mission to include domestic
air defense, the command gained access to FAA's domestic airspace radar
system, with a software upgrade. During our review, NORAD was testing
replacement software that would allow it to achieve efficiencies in
securing domestic airspace. However, air defense-sector radar
operations crews we interviewed expressed concerns about the new
software. We briefed NORAD officials on these concerns, and the
officials responded that they would not accept the software until air
defense personnel were satisfied with its performance. Moreover, in
addition to normal software development meetings that NORAD had
conducted with the users, NORAD also held special meetings to address
the air defense-sector personnel's concerns. System testing was
scheduled through 2005.
NORAD is also trying to improve the data that it collects and records
on violations of restricted airspace. Our review found discrepancies in
the numbers of violations of restricted airspace recorded between the
air defense sectors and NORAD headquarters. For example, from January
through November 2004, the Northeast Air Defense Sector reported 2,069
cases where aircraft were monitored for violations of restricted
airspace and other activities.[Footnote 16] However, NORAD headquarters
had information on only 266, or 13 percent of the cases. NORAD
headquarters acted to correct the problem and is implementing a new
reporting system and conducting training. NORAD's air defense sectors
are primarily responsible for tracking and cataloging restricted
airspace violations. NORAD headquarters officials told us that their
airspace data had not been shared outside DOD. However, in July 2005,
DOD informed us that it is planning to share information contained in
its new system with the FAA upon completion of an interagency
memorandum of understanding.
Coordinated Agency Initiatives Taken to Secure U.S. Aviation:
The agencies have recognized that individual actions alone are not
sufficient to respond to violations of restricted airspace, and
consequently they have also coordinated their efforts to try and
enhance the response to each violation. The agencies have established
the National Capital Region Coordination Center to enhance the
effectiveness of air security and air defense operations in the
national capital region. The center's primary mission is to facilitate
rapid coordination and information sharing among participating agencies
in preventing, deterring, and interdicting air threats to the region.
To facilitate center operations, the participating agencies approved a
concept of operations plan in May 2005 that identifies agency roles and
missions in securing and defending national capital region airspace and
specifies certain interagency operating protocols.
Interagency Management of the Response to Airspace Violations Could
Benefit from Closing Gaps in Policies and Procedures:
The individual and coordinated agencies' actions represent noteworthy
efforts to counter the threat to U.S. aviation and the homeland.
However, it is important to recognize that it may not be possible to
prevent all restricted airspace violations or to deter all attacks.
Airspace security measures could be challenged. In addition, in some
cases, some pilots do not consult FAA notices on the location of
restricted airspace as required by FAA, and consequently sometimes
inadvertently enter restricted airspace without authorization. Although
FAA has established stricter sanctions against pilots and stepped up
its outreach efforts, violations continued at the time of our review.
Consequently, the interagency management of the response to airspace
violations could benefit from filling gaps in policies and procedures.
We also identified gaps in TSA's risk assessment of the aviation
sector.
Gaps in TSA Risk Assessments:
TSA has made improvements in airspace security; however, TSA does not
have complete knowledge of the level of risk existing in the commercial
aviation sector. While agency officials told us that they conducted
vulnerability assessments, a component of risk assessments, at many of
the commercial airports, they had not assessed all of them. TSA
officials explained that they had not yet established milestones for
specific actions needed to complete the risk assessments. As a result,
TSA lacks assurance that some airport managers have taken reasonable
steps to enhance security.
General aviation airports and aircraft are also a concern because TSA
has generally not assessed the level of security existing at these
airports. About 19,000 general aviation airports operate in the United
States, and TSA's overall vulnerability assessments at these airports
have been limited. Most general aviation airports are not required to
provide the same level of screening for pre-boarding passengers as at
commercial airports. TSA has reviewed some general aviation airports
for vulnerabilities and developed risk assessment tools to enable
managers to conduct self-assessments. Nonetheless, the assessments are
voluntary, and the completion of these assessments has been
limited.[Footnote 17] Thus, TSA plans to outreach to airport managers
to promote use of the tool. In a November 2004 report, we recommended
that the Secretary of Homeland Security direct the Assistant Secretary
of TSA to develop an implementation plan with milestones and time
frames to execute a risk management approach for general aviation, and
the agency concurred with our recommendation.
Gaps in the Interagency Management of Violations:
While improvements have been made in the overall management response to
airspace violations, the interagency response to airspace violations
suggests that there are opportunities for further improvement, because
these agencies have not formally developed an interagency program to
institutionalize the defense of restricted airspace. Specifically, the
agencies do not have:
* an organization in charge,
* interagency policies and procedures,
* protocols for information sharing, and:
* common definitions of restricted airspace violations.
Leadership Over the National Capital Region Coordination Center Is
Uncertain:
Each agency simultaneously acts and commands and controls its own
resources in responding to a violation of restricted airspace. At the
same time, TSA, FAA, and DOD officials told us that, at the National
Capital Region Coordination Center, determining who leads the
interagency response is difficult, may change depending on the nature
of the airspace violation, and may shift during the course of a
violation, as the agencies monitor the intruder's flight and consider
the appropriate response. TSA is the executive agency for the center,
but TSA officials said that they only resolve or "deconflict" agency
issues and do not see themselves as being in charge of the interagency
process for responding to violations of restricted airspace. At the
same time, DOD pointed out that the response at the center has little
or no effect on NORAD's response, because NORAD and FAA control
National Capital Region airspace. Without central leadership, the
potential exists for a somewhat slower response to a violation as the
agencies decide who is in charge while the violating aircraft continues
to operate in restricted airspace.
Interagency Coordination Is Occurring, but Policies and Procedures Are
Not Well Established:
While the interagency coordination achieved at the time our report was
noteworthy, TSA, FAA, DOD, and other agencies had not implemented
certain key policies and procedures that are critical to multi-
organizational success, particularly when they are acting
simultaneously in a time-critical operation. For example, the agencies
had not agreed on policies and procedures to specify who has access to
Domestic Events Network-initiated conferences, and under what
circumstances. Additionally, according to FAA, during a violation FAA
personnel may not have access to DOD's classified teleconference
systems if the interagency response goes beyond a certain national
security classification, because FAA officials may lack appropriate
security clearances. In other cases, according to DOD officials, when a
secure conference is taking place, FAA officials cannot connect
themselves into the conference, the originating party must call them
and FAA must subsequently answer the call, in order to participate. If
unable to participate, FAA officials told us that they may be unable to
effectively manage other aircraft in the area in a timely manner,
potentially resulting in aircraft collisions or exposing aircraft
transiting the area to danger if the decision is made to shoot down the
violator.
Concept of Operations Plan for the National Capital Region Is
Completed, but Remaining Airspace Is Not Covered:
In April 2005, the agencies completed their interagency concept of
operations plan for the National Capital Region Coordination Center,
but the concept of operations plan does not address when and how
responsibility for response is passed from agency to agency during a
violation. Also, the agencies have not begun to develop a plan covering
any other U.S. airspace. Such plans outline the general concept of
program operations with specific actions and responsibilities to be
assigned to participating agencies in a separate, more detailed plan.
Without a concept of operations plan, the effective passing of
responsibility from one agency to another to respond to a restricted
airspace violation cannot be ensured, potentially leading to confusion
and a slower response.
Information Sharing Protocols and Procedures Have Not Been Established:
Information sharing protocols and procedures have not been established
by the agencies or within some parts of FAA. After the agencies
complete the response to an airspace violation, FAA and NORAD officials
record the violation in separate databases. These databases consist of
records of violations that, taken together, could reveal trends
indicating testing or training for an attack. However, neither FAA nor
NORAD routinely shares even parts of its data with the other.
Furthermore, the FAA database was not routinely shared with the
agency's own Strategic Operations Security Manager, despite the
manager's repeated attempts to obtain access. In May 2005, FAA finally
agreed to share parts of the database with its own Strategic Operations
Security Manager. Although the FAA database was set up for a different
purpose, the manager had previously indicated that he could use
information to enhance security; however, he told us that the FAA
department that maintains the database had previously refused to
provide the information, citing the need to protect pilot information.
We also obtained access to key elements of the database[Footnote 18]
and found information that could suggest approaches to reducing
violations of restricted airspace. For example, we could identify
aircraft that repeatedly violated restricted airspace and the airports
from which the flights originated. Specifically, we found 2 general
aviation aircraft that had accounted for 6 violations each, and 29
airports, 17 of which are in Maryland and Virginia, that had accounted
for about 30 percent of all airspace violations nationwide. This is the
type of information that was not shared with the FAA Strategic
Operations Security Manager, but which such an office might find useful
in light of intelligence agency threat assessments about the potential
for terrorist use of general aviation aircraft.
Additionally, FAA enforcement actions taken on airspace violations are
not routinely shared with other agencies. Since agencies do not have
this information, they have little knowledge as to the disposition and
effectiveness of their collective efforts, and they may be hampered in
their ability to target limited resources effectively. For example,
NORAD air defense-sector personnel did not have aggregated or general
information about FAA's administrative enforcement actions against
pilots who had violated restricted airspace in their sectors.[Footnote
19]
Common Definitions Have Not Been Accepted:
Finally, the potential for confusion exists about what constitutes a
restricted airspace violation because no common definition has been
accepted. FAA and NORAD, the primary agencies collecting airspace
violations data, define it differently. NORAD uses the term "incursion"
and defines different types of incursions depending on various factors,
including airspeed and direction. FAA uses the term "pilot deviation"
and defines it as the actions of a pilot that result in the violation
of a Federal Aviation Regulation or a NORAD Air Defense Identification
Zone, a category of restricted airspace. However, the terms are not
synonymous, and a violation can trigger a response in one agency but
not another, even though multiple agencies share the responsibility for
restricted airspace security and an appropriate, timely response is
critical. Moreover, without a common definition that can be used as a
basis for collecting nationwide data, the agencies may not be aware of
the scope and magnitude of violations, making it potentially more
difficult to target resources efficiently and enhance security.
Conclusions:
After the September 11, 2001, attacks, the fragmented missions of
agencies involved in securing and defending U.S. airspace converged
into a broader interagency mission to protect the airspace. Since
September 11, 2001, several involved agencies took actions that
represent noteworthy efforts to counter the threat to U.S. aviation and
the homeland. TSA has attempted to identify vulnerabilities of aircraft
and airports and consequently implemented and continues to implement
security enhancements. Although TSA is finishing the development of a
risk-assessment tool to assess general aviation threats, TSA has not
established milestones with specific actions needed to complete a
similar risk assessment for the commercial aviation sector. Until the
assessment is completed, TSA may lack complete knowledge as to the
level of risk in commercial aviation, and it cannot be assured that
commercial aircraft owners and operators at some airports are
effectively targeting resources to mitigate the risk of terrorists'
using commercial aircraft to attack population centers and critical
infrastructure. Because the interagency process to manage the response
to restricted airspace violations is a time-critical operation, the
implications of not having well-developed policies, procedures,
information sharing protocols, and common definitions are serious. In
addition, if information and databases are not appropriately shared,
opportunities to better target limited resources and proactively
identify emerging threats could be missed.
Recommendations for Executive Action:
We recommend that the Secretary of Homeland Security direct the
Assistant Secretary of TSA to establish milestones with specific
actions needed to complete risk assessments applicable to the
commercial aviation sector.
We further recommend that the Secretaries of Defense, Homeland
Security, and Transportation work together to:
* determine the extent to which one agency should be in charge of
leading the interagency process of responding to violations of
restricted airspace as they occur;
* determine the degree to which interagency policies, procedures, and
other guidance on the Domestic Events Network are needed to evaluate
its effectiveness and identify potential improvements;
* develop a concept of operations plan or other relevant document to
guide the interagency process of responding to violations in all U.S.
airspace;
* establish information sharing requirements and protocols; and:
* establish common definitions.
In addition, we recommend that the Secretaries of Defense and
Transportation work together to determine the extent to which key
elements of FAA's pilot deviations database could be shared with NORAD.
We also recommend that the Secretary of Transportation direct the
Administrator of FAA to take the following actions:
* Obtain necessary security clearances for appropriate FAA personnel to
ensure that they are not excluded from airspace violations conferences
that require such clearances; and:
* Ensure that FAA shares sufficient data from its airspace violation
database (also known as its pilot deviations database) with FAA's
office of the Strategic Operations Security Manager to meet the needs
of that office.
Agency Comments and Our Evaluation:
We received unclassified written comments from DHS, classified written
comments from DOD, and unclassified oral comments from the Department
of Transportation on the classified draft report that we will issue to
you in September 2005. We have included the DHS comments in their
entirety in appendix II and the unclassified portion of DOD's comments
in appendix III. Each agency also provided technical comments, and we
incorporated them in our draft report and this statement where
appropriate.
DHS and DOD disagreed with our draft report recommendation that the
secretaries of the three departments work together to appoint an
organization responsible for determining the extent to which one agency
should be in charge of countering violations of restricted airspace as
they occur. DHS maintains that each agency should maintain full
authority to execute its own portion of the mission that contributes to
the interagency effort. DHS and DOD both pointed out that the
Interagency Airspace Protection Working Group in the Homeland Security
Council addresses interagency coordination issues, and DHS indicated
that the working group may be a vehicle for addressing the gaps we
identified. We note that, to date, the issues we highlighted in our
testimony remain unresolved. Nevertheless, we revised our
recommendation to suggest that the secretaries of the three departments
work together to determine the extent to which one agency should be in
charge of leading the interagency process of responding to violations
of restricted airspace. Ultimately, we believe that if the agencies can
collectively resolve the issues and gaps we identified in our report,
which they acknowledged, then an organization in charge may not be
needed.
As discussed above, DHS agreed or partially agreed with the rest of our
recommendations, while DOD disagreed with most of the recommendations
and agreed with some. Department of Transportation officials agreed
with the recommendations in our draft report.
DHS generally concurred with our recommendation to establish milestones
with specific actions needed to complete risk assessments applicable to
the commercial aviation sector. In its response, DHS said that it
continues to conduct assessments as part of its risk-based management
approach. While these are good first steps, we still believe it is also
important to establish milestones with specific actions needed to
ensure that the assessments are completed within a reasonable time
period and are effectively managed. While DHS disagreed with having a
lead agency, its comments stated that more could be done to coordinate
efforts during violations, but that the focus should be on open
communications to ensure flexibility in responding to the violation.
DHS told us that the Interagency Airspace Protection Working Group
meets regularly and addresses relevant national airspace issues, but we
noted that there is still an absence of an air security strategy, plan,
or concept of operations, and the issues we found that could enhance
air security such as information sharing and common definitions still
need to be addressed. DHS concurred with our recommendations to
determine the degree to which interagency policies and procedures on
the Domestic Events Network are needed; develop a concept of operations
for management of the interagency response to violations in all U.S.
airspace; and establish information sharing requirements and protocols.
With regard to our recommendation to establish common definitions, DHS
concurred in part, citing that each agency's mission and command and
control processes require that it develop its own definitions for
airspace violations. However, DHS agreed to share its definitions with
other agencies. We agree that sharing definitions is important;
however, it is unclear to us whether simply sharing and not harmonizing
definitions would sufficiently reduce confusion during the interagency
operation responding to violations of restricted airspace. This is
especially a concern in a time-critical function where clear decisions
are imperative.
DOD concurred or partially concurred with some of our recommendations
and nonconcurred with others. DOD also noted that we omitted from our
draft report certain DOD procedures officials supplied to us that
integrate DOD's response to violations of restricted airspace with
those of other agencies. We acknowledge that DOD has internal
procedures that discuss the way DOD interacts with other agencies, and
we considered those procedures as part of our analysis. DOD's
procedures notwithstanding, we identified a number of potential gaps in
the interagency process of responding to violations of restricted
airspace that remain unaddressed.
We recommended that the Secretaries of Homeland Security, Defense, and
Transportation work together to accomplish five initiatives. First, DOD
nonconcurred with our recommendation that the three secretaries work
together to identify an organization that would be responsible for
addressing interagency coordination issues. As did DHS, DOD pointed out
that the Interagency Airspace Protection Working Group already
addresses interagency coordination for homeland air defense.
Nonetheless, problems remain. For example, as we point out in our
report, information sharing protocols and procedures have not been
established, a concept of operations plan for airspace outside the
national capital region has not been developed, and common definitions
have not been adopted. DOD also pointed out that TSA hosts agencies at
the National Capital Region Coordination Center. While true, TSA
officials told us that they view their role as one of deconflicting
rather than of leading interagency efforts. As stated earlier, we
believe that if the agencies can effectively resolve the issues and
gaps we identified in the interagency process of responding to
violations of restricted airspace without having an organization in
charge, then an organization in charge may not be needed.
Second, DOD nonconcurred with our recommendation that the three
secretaries work together to determine the extent to which one agency
should be in charge of leading the interagency process of responding to
violations of restricted airspace as they occur. DOD stated that our
report is misleading because it implies that having someone in charge
would prevent some airspace violations. DOD also stated that DHS has
managed air security by hardening commercial aircraft cockpit doors,
placing armed Federal Air Marshals on some flights, and taking other
actions. DOD also pointed out that FAA manages airspace for flight
safety and DOD defends domestic airspace. DOD stated that all of these
missions occur at all times and there is never a "lead change." As
discussed above, we revised and clarified our recommendation to suggest
that the secretaries of the three departments determine the extent to
which one agency should be in charge of leading the interagency process
of responding to restricted airspace violations. Our recommendation is
intended to enhance the response to violations of restricted airspace
and is not premised on the notion that its adoption would prevent the
violations from occurring. Moreover, while steps taken by DHS, FAA, and
DOD to secure aviation, ensure flight safety, and defend homeland
airspace are important contributions, they generally do not contribute
to knowing who is in charge of the response as a violation is
occurring. Also, we agree with DOD that there is never a "lead change,"
because the interagency process lacks central leadership. Finally, we
did not recommend that a specific agency or individual be in charge. We
recommended that the departments study the question of whether it would
be advantageous to have someone in the lead. If the departments
determined that such a change would be beneficial, they would
presumably also determine what, if any, changes in law would be needed.
We acknowledge, however, that if the agencies can effectively resolve
the issues and gaps we identified in the interagency process of
responding to restricted airspace violations, then an organization in
charge may not be needed.
Third, we recommended that the three secretaries determine whether
interagency policies, procedures, or other guidance is necessary to
evaluate Domestic Events Network performance and identify improvements.
DOD nonconcurred and stated that the Domestic Events Network is not
designed for decision making. We note that the network is a telephone
conferencing system that permits communication between the agencies
responding to violations of restricted airspace for the purpose of
deciding on the coordinated response. We are not aware that the
agencies have evaluated network performance to determine whether
enhancements are possible, and our recommendation was intended to
promote such an evaluation. We continue to believe that government
initiatives benefit from appropriate evaluation of performance, and
consequently we stand by our recommendation.
Fourth, we recommended that the secretaries work together to develop a
concept of operations plan for management of violations in all U.S.
airspace. DOD nonconcurred on the basis that the agencies do not manage
violations but respond to them. Nonetheless, DOD agreed that an overall
air strategy and identification of roles and missions for each agency
should be considered. We agree that an overall strategy for securing
U.S. air space would be beneficial, and we believe that if such a
strategy is developed, a concept of operations plan or other relevant
document would follow. As a result of DOD's comment, we have revised
our recommendation to one of developing a concept of operations plan or
other relevant document to guide the interagency response to violations
of restricted airspace.
Finally, DOD concurred with our recommendations that the secretaries
work together to establish information sharing protocols and procedures
and establish common definitions.
We had also recommended that the Secretaries of Defense and
Transportation work together to determine the extent to which key
elements of the FAA's pilot deviation database could be shared with
NORAD, and DOD nonconcurred. In its comments, DOD stated that it does
not require access to private citizen data contained in the FAA
database. We agree that DOD does not require such information. However,
we recommended that DOD meet with the Department of Transportation to
determine whether any elements would be useful, and if so, to pursue a
means to obtain them. Consequently, we stand by our recommendation.
Department of Transportation officials told us that they agreed with
our recommendations and indicated that a national air security policy
should be established to outline major goals and responsibilities for
each of the agencies with responsibilities for the protection of U.S.
airspace. Department officials also stated that without a national
policy, the agencies would continue to work without unified, common
goals. Transportation officials suggested that a policy coordinating
committee be established for air security to address interagency
issues. They also agreed that information sharing is critical to
enhance air security and told us that they had begun sharing pilot
deviations data with the FAA Strategic Operations Security Manager as
we had recommended. We agree with the Department's overall comments and
believe that this is the type of dialogue that should take place
between the Departments of Homeland Security, Defense, and
Transportation.
Mr. Chairman, this concludes my testimony. Thank you again for the
opportunity to discuss these issues. At this time, I would be happy to
address any questions.
[End of section]
Appendix I: Scope and Methodology:
In conducting our review of the response to violations of restricted
airspace, we visited key offices within DOD, DHS, and FAA that have
responsibility for oversight and management of U.S. airspace. We
conducted our review in the Washington, D.C., area, at DOD, including
the Office of the Assistant Secretary of Defense (Homeland Defense),
Defense Intelligence Agency, and Joint Theater Air and Missile Defense
Office; DHS, including the Office of Immigration and Customs
Enforcement, United States Secret Service, and the Transportation
Security Administration, including the National Capital Region
Coordination Center; FAA Headquarters, Domestic Events Network, Air
Traffic Control System Command Center, and the Potomac Consolidated
Terminal Radar Approach Control facility. We also met with the Federal
Bureau of Investigation, the Central Intelligence Agency, the National
Counterterrorism Center, the National Aeronautics and Space
Administration, and the Aircraft Owners and Pilots Association. We did
not review ground-based air defense batteries that are also part of the
homeland air defense system.
We conducted fieldwork at U.S. Northern Command and NORAD, Colorado
Springs, Colorado, as well as NORAD's Northeast Air Defense Sector,
Rome, New York; Western Air Defense Sector, Tacoma, Washington; and the
Continental U.S. NORAD Region and Southeast Air Defense Sector near
Panama City, Florida. In addition, we visited the Air Force's Air
Combat Command, Langley, Virginia, and 84th Radar Evaluation Squadron,
Ogden, Utah; Immigration and Customs Enforcement's Air and Marine
Operations Center, Riverside, California; and FAA's Air Traffic Control
Center, Fort Worth, Texas.
To determine the extent to which violations of restricted airspace have
occurred since September 11, 2001, we met with NORAD and FAA officials
to obtain relevant data from their incursion and pilot deviation
databases, respectively, and discussed their methods for determining
what constitutes an incursion/pilot deviation. After determining that
NORAD's database was not adequate to accurately identify the number of
violations of restricted airspace, we obtained relevant portions of
FAA's pilot deviation database and performed the analysis necessary to
develop the data provided in the report. We reviewed the reliability of
the FAA database to determine the numbers of incursions. We (1)
performed electronic testing of the data elements needed for our
analysis and looked for obvious errors in accuracy and completeness,
(2) reviewed related documentation, and (3) interviewed officials
knowledgeable about the data. We noted several limitations in the data,
including missing values for key data elements and the fact that events
might be both over-and under-reported due to varying definitions of
pilot deviations. We were able to partially correct for these problems
and consequently determined that the data were sufficiently reliable to
illustrate analyses for tracking violations of restricted airspace.
However, because we could not fully correct for data errors, the data
presented should be considered estimates rather than precise numbers.
To identify the actions taken individually or in coordinated fashion to
secure U.S. airspace and aviation and to mitigate the threat since
September 11, 2001, we interviewed officials at the National Capital
Region Coordination Center; the headquarters of NORAD and its
Continental U.S. NORAD Region and the three continental U.S. based air
defense sectors, TSA, FAA, and Air Combat Command; and the Air and
Marine Operations Center. We discussed and reviewed changes in
operational responsibilities and plans of these organizations both pre-
and post-September 11, 2001. To better understand these actions, we
toured and observed the workings of the National Capital Region
Coordination Center, the air defense sectors, the Domestic Events
Network, and the Air and Marine Operations Center. While at some of
these centers, we observed the agencies' responses to actual violations
of restricted airspace, the interaction of the agencies involved in
responding, and the steps taken by the various agencies involved to
address the violation. We discussed with agency officials the
procedures for responding to incursions into restricted airspace and
reviewed pertinent documentation relating to those procedures where
they existed.
In examining interagency policies and procedures that govern the
management of airspace violations, we first reviewed existing GAO work
that found that the success of interagency efforts depends on melding
multi-organizational efforts through central leadership, an overarching
strategy, effective partnerships, and common definitions. We then
compared the extent to which agencies with responsibility for
preventing or responding to violations of restricted airspace have
established an organization in charge, interagency policies and
procedures, protocols for the sharing of database records documenting
violations of restricted airspace, and common definitions of restricted
airspace.
We conducted our review from June 2004 through April 2005 in accordance
with generally accepted government auditing standards.
[End of section]
Appendix II: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
July 12, 2005:
Ms. Davi M. D'Agostino:
Director, Defense Capabilities and Management:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. D'Agostino:
Thank you for the opportunity to comment on the Government
Accountability Office's (GAO) draft report titled, "HOMELAND SECURITY:
Interagency Resources Address Violations of Restricted Airspace but
Management Improvements are Needed" (GAO-05-472C). Technical comments
have been provided under separate cover.
The Department of Homeland Security (DHS) appreciates the work done in
this report to identify security issues associated with aircraft
incursions into restricted airspace. The Department believes that GAO's
identification of areas for improvement will add to the security of
aviation within the U.S. airspace. The Department's Transportation
Security Administration (TSA) generally concurs with GAO's findings,
but will address a few key issues in this letter.
DHS respectfully submits that GAO's emphasis on the need to have one
agency in charge of countering violations of restricted airspace may
actually hinder rather than facilitate an effective response. It should
be noted that the mission of air defense of the United States is
assigned to a single agency - the Department of Defense. However,
incursions of restricted airspace present a unique challenge since the
overwhelming majority of such incursions are caused by pilots operating
General Aviation aircraft, i.e., operations other than commercial
airlines or military. Although these incursions may represent
violations of airspace procedure, they rarely if ever pose a hostile
threat even as the possibility remains that they could.
Therefore, determining whether a specific restricted airspace incursion
represents a hostile threat is an essential task. Several agencies
contribute to this process by sorting (detecting, identifying, and
intercepting) unknown or non-compliant contacts that enter restricted
airspace. This sorting process declutters the air picture and supports
a determination of the potential hostile intent of airspace violators.
This effort succeeds best when each agency maintains full authority to
execute that portion of its own mission that contributes to this effort
and when all agencies fully coordinate and communicate with one
another. We fear that arbitrarily assigning lead agency responsibility
to one agency will hinder the flexibility of the coordinated effort.
It should also be noted that there is an interagency body that meets
regularly to coordinate airspace security issues, primarily in the
National Capital Region (NCR), but also elsewhere in the country as
needed. This body is the Interagency Airspace Protection Working Group
(IAPWG) whose membership includes several government agencies and such
DHS elements as TSA, U.S. Secret Service, Customs and Border Protection
Office of Air and Marine Operations (CBP/AMO), and the U.S. Coast Guard.
Most airspace violations are caused by pilots operating General
Aviation (GA) aircraft. TSA defines GA as operations other than
airlines or military aviation. GA is a diversified segment of the
aviation industry which accounts for approximately 77 percent of all
flights within the United States, and encompasses a wide array of
aircraft, ranging from large business jets and small recreational
aircraft to rotorcraft and airships. Additionally, GA consists of a
number of different types of operations, from corporate and certain
charter flight operations in small aircraft, to aerial observation and
crop dusting. Because this industry comprises such a large population
and diverse activities, TSA employs a threat based, risk management
approach to effectively utilize its resources and focus its efforts.
Simply "regulating" all of GA would be cost prohibitive and
inefficient. Therefore, it is incumbent when considering TSA oversight
for this industry that the segment of the industry being considered is
clearly delineated.
It is noted in GAO's report that TSA does not adequately regulate GA.
In fact, TSA regulates certain segments of the GA sector. As GAO
recently pointed out, the key to long-term success in securing general
aviation is a partnership among the federal government, state
governments, and the general aviation industry. [NOTE 1] To that end,
TSA and the Federal Aviation Administration (FAA) continue to provide
outreach to GA airport operators and pilots throughout the nation. For
example, TSA partnered with the Aviation Security Advisory Committee
(ASAC) to develop GA security recommendations which were included in
TSA's Information Publication A-001, "Security Guidelines for General
Aviation Airports." In addition, TSA developed the Airport Watch
Program in coordination with the Aircraft Owners and Pilots Association
(AOPA) which seeks to improve local awareness through public
communication and promotes the reporting of suspicious activity to TSA.
TSA regulates certain charter flight operations in small aircraft,
instruction of alien flight students and the provision of security
awareness training to employees of flight schools. During periods of
heightened alerts, TSA may also promulgate additional restrictions
based on threat. For instance, in August 2004, when TSA was presented
with credible threat information in New York City, TSA mandated
requirements for the helicopter tour industry to address the specific
threat.
Comments on GAO Recommendations Relevant to DHS:
Recommendation 1: Secretary of Homeland Security to direct TSA to
establish milestones with specific actions to complete risk assessments
applicable to the commercial aviation sector.
DHS generally concurs with this recommendation. Currently TSA performs
vulnerability assessments at commercial airports; the assessments
include air carrier operations and the environment they operate within.
These assessments are provided to the Federal Security Director and the
airport operator and used to improve the overall security posture of
the airport. TSA plans to continue this work as part of its risk-based
management approach. The vulnerability assessments are reviewed in
conjunction with threat assessments and developed into risk
assessments. TSA uses these risk assessments as tools to enhance
aviation security, including prevention and management of air
incursions.
GAO Recommendation 2: The Secretaries of Defense, Homeland Security and
Transportation work together to appoint an organization responsible for
addressing interagency coordination efforts to include:
a. Determining the extent to which one agency should be in charge of
countering violations of restricted airspace as they occur.
DHS concurs in part. DHS is committed to handling airspace violations
in the most effective manner possible and agrees more can be done to
coordinate efforts during airspace restriction violations. DHS believes
that the focus should not be on a single agency leading the response;
it is more important that each agency maintain its command and control
but allow open communication with the other agencies to ensure
flexibility in response and resolution of the violation.
In addition to the coordinated agency response and resolution, there is
currently an InterAgency Airspace Protection Working Group (IAPWG) that
meets regularly to address issues that affect aviation security. The
IAPWG was created after the attacks of September 11, 2001 and works to
coordinate and address airspace issues that pertain to the National
Capital Region, and addresses other relevant national airspace issues.
The IAPWG, which was chartered by the Homeland Security Council, serves
as a forum to bring multiple government organizations together as full
partners in the cooperative development of procedures and policies to
enhance Homeland Air Security. Currently, at the request of the HSC and
as per the majority vote of the membership, TSA is chairing the IAPWG.
b. Determining the degree to which interagency policies, procedures,
and other necessary guidance on the Domestic Events Network are needed
to evaluate its effectiveness and identify potential improvements.
DHS concurs. DHS commends the FAA in its operation of the Domestic
Events Network (DEN), as it provides an open line of communication for
real time coordination during events. DHS will work with other agencies
to determine whether interagency policies, procedures, and other
guidance are needed.
c. Developing a concept of operations for management of violations in
all U.S. airspace.
DHS concurs. It is important to note that it is ultimately each pilot's
responsibility to request the most recent information regarding
temporary flight restrictions and to review the latest Notices to
Airmen (NOTAM) issued by the FAA before initiating flight operations.
However, TSA and the FAA will continue to provide outreach to GA
airport operators and pilots to prevent pilot based airspace
violations. The outreach campaign includes "Pilot Town Meetings,"
development and dissemination of informational materials throughout the
nation, and leveraging government and industry websites.
TSA, in coordination with FAA, and as a member of the IAPWG, will
continue to develop a concept of operations to manage airspace
violations throughout the nation that relies primarily on risk
management principles. Such a risk management approach allows TSA to
determine which areas present the greatest vulnerabilities that need to
be addressed immediately. Consequently, TSA will continue to enact
reasonable, feasible, and effective security measures appropriate to
the airspace environment while endeavoring to minimize impacts on the
national airspace.
d. Establishing information sharing requirements and protocols.
DHS concurs. TSA works with several agencies through the DEN which was
established in response to September 11, 2001 and is maintained by the
FAA. The DEN's 24-hour access provides a real time method for hundreds
of government entities to share information about the violation, and
about how each entity is moving to resolve the violation according to
the mission. The DEN, in addition to direct phone calls, text
messaging, and face-to-face meetings, provides an atmosphere of
information exchange among agencies in an efficient manner. In
coordination with other agencies, TSA will continue efforts to enhance
information sharing.
e. Establishing common definitions.
DHS concurs in part. Each agency's mission and command and control
processes require that the agency develop its own definition for
airspace violations. However, in order to promote commonality, TSA will
work with other agencies to share definitions.
In conclusion, thank you again for providing this report to assist
Congress in better understanding the communication and processes that
are associated with airspace violations throughout the United States.
We look forward to working with you on future homeland security issues.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Audit Liaison:
NOTE:
[1] General Aviation Security: Increased Federal Oversight Needed, but
Continued Partnership with the Private Sector is Critical to Long-Term
Success, GAO-05-144, (Washington, DC, December 10, 2004).
[End of section]
Appendix III: Comments from the Department of Defense:
UNCLASSIFIED:
ASSISTANT SECRETARY OF DEFENSE:
HOMELAND DEFENSE:
2600 DEFENSE PENTAGON:
WASHINGTON, DC 20301-2600:
13 JUL 2005:
Ms. Davi M. D'Agostino:
Director, Defense Capabilities and Management:
U.S. Government Accountability Office:
441 G Street, N.W.:
Washington, DC 20548:
Dear Ms. D'Agostino:
(U) This is the Department of Defense response to the GAO draft report,
"HOMELAND SECURITY: Interagency Resources Targeted to Address
Violations of Restricted Airspace but Management Improvements are
Needed," dated June 1, 2005 (GAO Code 350538/GAO-05-472C).
(U) In general, some of the recommendations omitted DoD's specific
substantiation of procedures that integrate DoD with other Federal
agencies during identification of tracks of interest. This information
was provided to GAO auditors during the engagement process. Our
comments will focus on these issues. Enclosure I deals specifically
with the report recommendations for DoD; enclosure 2 provides technical
comments on the accuracy and completeness of the report.
(U) Thank you for the opportunity to review the report. Mr. Johnnie
Wauchop, Assistant for the Air Domain, Force Planning and Employment,
has the lead for this effort in my organization. He may be reached at
(703) 693-1968.
Signed by:
Paul McHale:
Enclosures:
1. DoD Comments on the Recommendations.
2. DoD Technical Comments:
This memorandum standing alone is UNCLASSIFIED:
[End of section]
Appendix IV: GAO Contact and Staff Acknowledgments:
GAO Contact:
Davi M. D'Agostino (202) 512-5431:
Acknowledgments:
Brian J. Lepore, Lorelei St. James, James F. Reid, James R. Nelson,
Carissa D. Bryant, Ronald La Due Lake, Rebecca Shea, Michael C. Zola,
Cheryl Weissman, and R.K. Wild made key contributions to this
statement.
[End of section]
Related GAO Products:
General Aviation Security: Increased Federal Oversight Is Needed, But
Continued Partnership with Private Sector is Critical to Long-Term
Success. GAO-05-144. Washington, D.C.: September 30, 2004.
Homeland Defense: Progress Made in Organizing to Achieve Northern
Command's Mission, but Challenges Remain. GAO-04-622C. Washington,
D.C.: September 8, 2004.
Homeland Security: Efforts to Improve Information Sharing Need to be
Strengthened. GAO-03-760. Washington, D.C.: August 27, 2003.
Homeland Defense: DOD Needs to Assess the Structure of U.S. forces for
Domestic Military Missions. GAO-03-670. Washington, D.C.: July 11,
2003.
Homeland Security: Effective Intergovernmental Coordination is Key to
Success. GAO-02-1013T. Washington, D.C.: August 23, 2002.
Homeland Security: Key Elements to Unify Efforts Are Underway but
Uncertainty Remains. GAO-02-610. Washington, D.C.: June 7, 2002.
Combating Terrorism: Selected Challenges and Related Recommendations.
GAO-01-822. Washington, D.C.: September 20, 2001.
FOOTNOTES
[1] Critical infrastructure is defined as systems or assets, whether
physical or virtual, so vital to the nation that the incapacity or
destruction of them would have a debilitating impact on national
economic security, national public health, or safety.
[2] GAO, Homeland Security: Key Elements to Unify Efforts Are Underway
but Uncertainty Remains, GAO-02-610 (Washington, D.C.: June 7, 2002).
[3] "Each person shall, before conducting any operation under the
Federal Aviation Regulations (14 C.F.R. Chapter 1), be familiar with
all available information concerning that operation, including Notices
to Airmen issued under §91.139," 14 C.F.R. pt. 91, SFAR No. 60 - Air
Traffic Control Emergency Operation.
[4] Pilots are required to check Notices to Airmen before beginning
their flights to avoid any temporary flight restricted zones during
their flights. These notices contain the specific locations and times
that airspace is restricted.
[5] While our report discusses management of restricted airspace
violations, the mission of the Domestic Events Network also includes
managing the response to hijackings, suspicious activities, and other
events.
[6] Risk assessments involve assessing a facility's threats,
vulnerabilities, and critical assets to determine where resources
should be targeted to reduce risk.
[7] On this review, we did not evaluate the adequacy of TSA's risk
assessment tools; however, in other reviews GAO is assessing various
aspects of TSA's risk management approaches.
[8] Airspace outside the National Capital Region is protected for
National Security Special Events and Presidential movements, and when
intelligence warrants protection.
[9] 14 C.F.R. pt. 99 (2005).
[10] 14 C.F.R. pt. 71 (2005).
[11] We did not evaluate the effectiveness of these efforts.
[12] The resources discussed are not meant to be all-inclusive, but are
used to highlight some of the resources that have been provided.
Providing an all-inclusive list was beyond the scope of our review.
[13] Pub. L. No. 107-71 (2001).
[14] In November 2003, the Federal Air Marshal Service was transferred
to Immigration and Customs Enforcement.
[15] Operation Noble Eagle is a DOD-led military mission that began on
September 11, 2001, to defend the United States against terrorism or
foreign aggression.
[16] NORAD may monitor for other activities if, for example, it
receives intelligence information that indicates an aircraft may
present a potential threat. Because NORAD data includes information on
other airspace activity as well as violations into restricted airspace,
NORAD data did not correspond to FAA data for the same time period.
[17] GAO, General Aviation Security: Increased Federal Oversight Is
Needed, but Continued Partnership with the Private Sector Is Critical
to Long-Term Success, GAO-05-144 (Washington, D.C.: November 10, 2004).
[18] FAA excluded pilot information from the key elements we obtained.
[19] Such information would not have to include privacy information
that could be used to identify individual pilots.
